JP2013156757A - Apparatus connecting to network, control method for apparatus, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem in which: when access control is performed on a multifunction peripheral according to the security policy of a whole office and if the security policy is not followed, it is difficult for an administrator to determine which setting item has to be changed to correct it.SOLUTION: An apparatus verifies whether a setting value is set correctly according to a security policy, and controls a program for shifting to a screen indicating a correction method if there is any incorrect setting.

Description

  The present invention relates to a device connected to a network, and more particularly to a device in which an operation policy is set.

Office devices such as recent digital multifunction peripherals are required to be operated in accordance with an operation policy such as a security policy determined for each office or each business entity. The security policy indicates a basic policy regarding information security of a business entity or the like. For example, a policy that requires user authentication when operating office equipment or that data encryption on a communication path when communicating with other equipment is required as a security policy. .
Recent digital multi-function peripherals not only print or transmit image data, but also can access image data stored in the device from a PC, and have many functions as a server. For this reason, digital multifunction peripherals are strongly required to follow security policies in the same way as server devices.
By the way, in a conventional digital multi-function peripheral, it is possible for an administrator to make some settings related to the operation of the device (hereinafter referred to as user mode) and to operate according to the security policy at the discretion of the administrator. is there.
However, in the conventional user mode setting, it is necessary to set many setting items correctly, and if the setting is not done correctly, operation that does not comply with the security policy is effectively allowed, which may threaten the security of the office. there were.
Thus, Patent Document 1 proposes a system for setting a security policy not only from the user mode but also from the outside. Patent Document 1 compares a security policy with a user mode when a device is activated, and permits activation only when it is determined that the setting can comply with the security policy.

JP 2009-230178 A

In a conventional system, when a certain security policy is introduced, the user mode setting may not follow the security policy. In that case, there is a security risk such as information leakage or unauthorized use when the MFP is activated. In order to cope with this problem, it is necessary to change the setting of the user mode to comply with the security policy.
However, the setting items of the user mode of the multi-function peripheral are enormous, and it is difficult for the administrator to determine which setting item should be changed to comply with the security policy when not complying with the security policy.
In view of such a problem, the present invention provides a method for presenting a solution to a user as to which setting item should be changed when the operation mode setting of a device does not comply with the operation policy. Objective.

  In order to achieve the above object, the device according to the present invention is based on policy setting means for setting an operation policy of the device, mode setting means for setting the operation mode of the device, and settings made by the mode setting means. In response to determining that the operation mode of the device complies with the operation policy set by the policy setting unit, and that the determination unit does not comply with the operation policy, Control means for controlling to change to a screen for changing a setting that does not comply with the operation policy.

  ADVANTAGE OF THE INVENTION According to this invention, when the setting of the operation mode of an apparatus does not follow an operation policy, the method for showing a user the solution of which setting item should be changed can be provided.

2 is a hardware configuration diagram illustrating a configuration of a multifunction machine 101 according to the present embodiment. FIG. 4 is an example of a screen displayed on the operation unit 103 of the multifunction machine 101. 3 is a diagram illustrating user mode setting values stored in a storage device 110 of the multifunction machine 101. FIG. 3 is an example of a screen for setting a security policy when a policy setting icon 205 is pressed on the screen of FIG. 6 is a table showing a policy table stored in the storage device 110 of the multifunction machine 101. This is a policy file generated by the multifunction machine 101. 5 is a flowchart for explaining processing executed by the multifunction machine 101 in response to an operation on an operation unit 103. 10 is a flowchart for describing processing of the multifunction peripheral 101 that is executed when a policy verification icon 206 is pressed on the operation unit 103. 6 is an example of a screen displayed when the multifunction machine 101 does not comply with the security policy. 10 is a flowchart for explaining the operation of the multifunction machine 101 executed when the multifunction machine 101 does not comply with the security policy. 5 is a flowchart for explaining the operation of a network communication unit 102. 1 is a block diagram illustrating a system configuration of a system including a multifunction peripheral and a PC.

[First Embodiment]
The best mode for carrying out the present invention will be described below with reference to the drawings.

  FIG. 1 is a hardware configuration diagram illustrating a configuration of a digital multifunction peripheral 101 (hereinafter simply referred to as a multifunction peripheral) which is an example of an office device. In FIG. 1, reference numeral 102 denotes a network communication unit for connecting to a personal computer (PC) or another digital multifunction peripheral.

  An operation 103 includes a part (display part) that displays various setting states of the apparatus connected to the multifunction peripheral 101 and an operation state of the multifunction peripheral 101 (display part), and a part that performs user operation of the multifunction peripheral 101 (input part). Part. As a configuration of the operation unit 103, there are a liquid crystal panel as a display portion, a touch panel integrated with the liquid crystal panel as an input portion, and a hard key that realizes hardware as a contact.

  Reference numeral 108 denotes a CPU used for image processing of print data and various controls. Reference numeral 109 denotes a RAM for temporarily storing information such as program codes and image data for operating the CPU 108.

  Reference numeral 110 denotes a non-volatile storage device that stores program codes to be executed by the CPU 108 and image data for printing / editing / transmission. In addition to the program code and image data, the storage device 110 stores setting values related to the operation of the multifunction machine 101 (hereinafter referred to as user mode setting values). As will be described later, the user mode setting value can be changed according to pressing of a user mode setting icon displayed on the operation unit 103. Further, the storage device 110 also stores security policy data determined for each office or business entity.

  A print engine 111 uses a known technique such as an electrophotographic technique or an inkjet technique for printing an image on a paper medium. Reference numeral 112 denotes a scanner engine that optically reads an image printed on a paper medium.

  When using the copy function using hardware resources such as the scanner engine 112 and the print engine 111, the multi-function peripheral 101 performs the following processing. That is, starting from a user operation on the operation unit 103, the CPU 108 reads image data from the scanner engine 112 according to the program code developed from the storage device 110 to the RAM 109. The CPU 108 fetches the read image data into the RAM 109, performs predetermined image processing, and outputs it to the print engine 111.

  Further, when using the transmission function using hardware resources such as the scanner engine 112 and the network communication unit 102, the multi-function peripheral 101 performs the following processing. That is, starting from the operation of the operation unit 103, the CPU 108 reads image data from the scanner engine 112 in accordance with the program code developed in the RAM 109. Then, the CPU 108 captures the read image data into the RAM 109, performs a predetermined format conversion, outputs the data to the network communication unit 102, and transmits the data to the designated destination device.

  FIG. 2 is an example of an operation screen that is initially displayed on the operation unit 103 when the MFP 101 of FIG. 201 denotes an entire operation screen, and 202 denotes a copy icon for selecting a copy function. Reference numeral 203 denotes a transmission icon for selecting transmission. Reference numeral 204 denotes a user mode setting icon for setting a user mode setting value. Reference numeral 205 denotes a policy setting icon for setting a security policy. Reference numeral 206 denotes a policy verification icon for performing security policy verification.

  In the example of FIG. 2, since the policy is not verified, the function of the MFP 101 is limited (the copy icon 202 and the transmission icon 203 cannot be pressed).

  FIG. 3 illustrates a management table for managing user mode setting values stored in the storage device 110. The user mode setting value shown in FIG. 3 can be input or changed via an operation screen (not shown) displayed when the user presses the user mode setting icon 204 of FIG.

  In FIG. 3, the left column shows setting items 300 for user mode setting values. In the present embodiment, the setting item 300 includes items “IPP print processing / SSL is used” and “SMTP / SSL is used”. Also, "Use SSL communication / strong encryption", "Create PDF / use strong encryption", "Use user authentication", "Restrict user authentication / password characters" Has an item.

  The IPP (Internet Printing Protocol) shown here is a protocol for transmitting print data to a printer or multifunction peripheral via the Internet, and is defined in RFC2565 or the like.

  SMTP (Simple Mail Transfer Protocol) is an e-mail transmission protocol defined by RFC821, and is a protocol for transmitting an image scanned by a multifunction peripheral as an attached file for e-mail transmission.

  Since both IPP and SMTP are used for transmission / reception of image data via a network (particularly the Internet), there is a possibility that confidential data is included. Therefore, the communication path is encrypted using SSL (Secure Socket Layer). SSL is a protocol that provides encryption and integrity to a TCP session, and is defined in RFC2246.

  PDF indicates Portable Document Format, which is an electronic document format defined by ISO-32000, and can be encrypted with a password to maintain confidentiality. A plurality of PDF encryption methods can be selected, indicating that this security policy is limited to a strong one.

  The user mode setting value 301 is set by the operation of S705 described later with reference to FIG. In the present embodiment, the user mode setting value 301 is expressed as a binary value of “ON” or “OFF”, but may have a numerical value or may have a plurality of structure structures. The storage device 110 stores a list of user mode setting values, for example, an XML structure or a CSV structure.

  311 is information indicating a setting address of each user mode setting value. The address information 311 is information for uniquely identifying an operation screen for setting the setting item 300 corresponding to the address. More specifically, it is provided to enable easy transition to a screen for changing the corresponding user mode setting value when the result of security policy verification is NG. This address information 311 will be described later in the operation of S1010.

  Note that the user mode setting values shown in FIG. 3 show only the setting values related to the application of the security policy in the present embodiment, and besides these, various user modes not related to the security policy. Setting value exists.

  FIG. 4 is a screen for setting a security policy displayed by the operation unit 103 and is displayed when the policy setting icon 205 in FIG. 2 is pressed. Note that setting of a security policy via this screen can be performed only by an administrator who has special authority.

  Reference numeral 401 denotes a policy setting screen. In the present embodiment, only two network communication policies 502 and authentication policies 503 will be described for the sake of simplicity of explanation, but more security policies may actually exist.

  Reference numeral 402 denotes an icon for selecting setting of a network communication policy (policy when the multi-function peripheral 101 communicates with a terminal on the network). Reference numeral 403 denotes an icon for selecting setting of an authentication policy (policy for authenticating a user who logs in to the multifunction peripheral 101).

  Reference numeral 404 denotes a network communication policy screen displayed when the network communication policy icon 402 is pressed. There are two security policies “encrypt communication path” and “restrict to encryption strength”. Exists. Then, there are “Yes” and “No” icons for setting whether to apply a security policy to each item. In FIG. 4, it is assumed that an icon that is white on a black background is set. In the case of FIG. 4, it is shown that both “encrypt communication path” and “restrict encryption only to strong ones” are selected as security policies.

  Reference numeral 407 denotes an authentication policy screen displayed when the user presses 403, and there are two security policies “requires user authentication” and “restrict passwords with strong passwords”. Similarly, there are “Yes” and “No” icons for setting whether to apply each security policy. In this case, “Must require user authentication” is selected as the security policy. Show. Reference numeral 410 denotes an icon for completing the setting of the security policy. When the setting is completed, the CPU 108 generates a policy file to be described later.

  FIG. 5 is a table showing a policy table for associating a security policy and a user mode setting value stored in the storage device 110. The policy table is stored as digital information in the storage device 110, and the format may be XML format or CSV format.

  Here, each column in the figure indicates a security policy, and each row indicates a user mode setting value. Further, “ON / <numerical value>” described in each cell indicates that the user mode setting value described in the row has an indispensable condition according to the security policy described in the column. On the other hand, “-” indicates that the user mode setting value described in the row is not an essential condition according to the security policy described in the column.

  For example, it is assumed that the security policy “encrypt communication path” of the network communication policy is set on the screen of FIG. In this case, in order to comply with the security policy, the user mode setting values “Use IPSec”, “Use IPP printing / SSL”, or “Use SMTP / SSL” must be ON. I must. Note that IPSec indicates Security Architecture for Internet Protocol, and indicates a protocol that provides data falsification prevention and confidentiality functions in units of IP packets defined by RFC1825 or the like.

  Further, “/ <numerical value>” following “ON” means a policy group. For the security policy in which the policy group is set, the user mode setting value belonging to one of the policy groups specified by <numerical value> must be turned on. For example, there are policy group 1 and policy group 2 for the security policy “encrypt communication path”. In order to comply with the security policy “encryption of communication path”, the user mode setting value “Use IPSec” belonging to policy group 1 is turned on, or “IPP printing / SSL” belonging to policy group 2 It is necessary to set both the “use” and “use SMTP / SSL” settings to the ON state. That is, in order to satisfy the network communication policy of the security policy, the administrator is given a plurality of solutions. For example, assume that the user selects policy group 1 (ON / 1) for the network communication policy. In this case, encryption is performed at the IP layer by IPSec, and it is not necessary to perform encryption by IPP or SMTP operating at the higher layer, so the user mode setting value belonging to the policy group 2 is turned ON. There is no need. On the other hand, when policy group 2 (ON / 2) is selected as a policy measure, encryption using IPSec is not essential, and encryption using SSL is required. In this way, an administrator can select multiple solutions to achieve one policy.

  Note that if the user mode setting value, which is an indispensable condition of the applied security policy, is OFF, the copy icon 202 and the transmission icon 203 are shaded on the screen of FIG. Certain functions are limited.

  On the other hand, it is assumed that the security policy “restrict ciphers are strong” is set to “yes”. In this case, two user setting values described as ON / 3 in the table, “Use SSL communication / strong cipher strength” and “Use PDF generation / strong cipher strength” are essential. Yes (must be on)

  Similarly, when the security policy “Mandatory user authentication” is applied, the user mode setting value “Use user authentication” is essential. Similarly, when a security policy of “restrict passwords to those having strength” is applied, a user mode setting value of “restrict user authentication / password characters” is essential. In the example of the screen of FIG. 4, there is no essential user mode setting value because the security policy “restrict passwords to those having strength” is “No”.

  The CPU 108 extracts essential user mode setting values from the policy table (FIG. 5) and the security policy input on the screen of FIG. Then, a policy file (file shown in FIG. 6 to be described later) in which the required user mode setting value is described is generated and stored in the storage device 110.

  FIG. 6 shows an example of a policy file generated by the CPU 108 in response to setting a security policy with the policy setting icon 205. The policy file of FIG. 6 is dynamically generated from the combination of the policy table of FIG. 5 described above and the security policy settings input on the screen of FIG. Specifically, “ON / numerical value (policy group number)” is described in the column of “restriction condition” of the extracted mandatory user mode setting value. Then, the security policy that becomes a necessary cause is described in the “Reason for restriction” column. On the other hand, items with “-” in the “Constraint” and “Reason for restriction” fields indicate that there is no constraint. The flag string is an area for use in verifying a policy to be described later.

  The format of the policy file may be XML format or CSV format, but any format may be used as long as the data structure can represent a table. The policy file of FIG. 6 is used when determining whether or not the user mode setting value of the multifunction peripheral 101 is in accordance with the security policy.

  In the above description, the structure of data necessary for appropriately operating the multifunction peripheral 101 according to the outline of the system to which the present embodiment can be applied and the security policy has been described. In the following description, the operation of the multifunction machine 101 in this embodiment will be described.

  FIG. 7 is a flowchart for explaining operations executed in the multifunction machine 101. The operation unit 103 of the multi-function peripheral 101 starts operating when the multi-function peripheral 101 is activated, and continues to operate until the operation of the multi-function peripheral 101 is stopped.

  In FIG. 7, first, in S <b> 700, the multifunction machine 101 waits for a user input from the input part by the operation unit 103. In the case of a touch panel, user input is accepted by pressing an icon displayed on the liquid crystal panel.

  In step S <b> 701, the multifunction peripheral 101 determines whether the input from the user is a press of the security policy setting icon 205. If the user presses the security policy setting icon 205, the process proceeds to S702. In S <b> 702, the CPU 108 displays the screen 401 in FIG. 4 on the operation unit 103, and accepts a security policy setting by a user (actually a person with special administrator authority). The security policy information set on each of the screens 401, 404, and 407 in FIG. 4 is stored in the storage device 110 when the OK icon 410 is pressed.

  Next, in S703, if the security policy is set, if the MFP 101 is used in its current state, there is a possibility that unauthorized operation may occur. Therefore, the CPU 108 sets a security policy unchecked flag, and proceeds to S700. Return. In the present embodiment, when the security policy is unchecked, the copy icon 202 and the transmission icon 203 in FIG. 2 are shaded, and the use of functions corresponding to these icons is prohibited. This is a measure for preventing the multifunction device 101 from being used in a state that violates the policy due to a change in the security policy setting.

  If it is determined in step S701 that the security policy setting icon 205 has not been pressed, the CPU 108 determines in step S704 whether or not the user mode setting icon 204 has been pressed. If it is determined that the user mode setting icon 204 is pressed (Yes in S704), the CPU 108 sets the user mode setting value in accordance with the user input from the operation unit 103 in S705. When the setting of the user mode setting value is completed, in S706, the CPU 108 determines whether or not the user mode setting value set in S705 is a setting value that affects (relates) the security policy. That is, as shown in FIG. 3, “IPP printing processing / SSL is used”, “SMTP / SSL is used”, “SSL communication / use of strong encryption strength”, “PDF creation / encryption strength is strong” It is determined whether the user mode setting value has been changed from any of “use thing”, “use user authentication”, or “limit user authentication / password characters”.

  If it is determined in S706 that the user mode setting value that affects the security policy is changed, the CPU 108 sets the security policy to an unchecked state in S707 and returns to S700. If it is determined No in S706, the process returns to S700.

  If it is determined in S708 that the operation on the operation unit 103 is an operation of the policy verification icon 206, in S709, the CPU 108 performs security policy verification. Details of this processing will be described later with reference to FIG.

  If the security policy has been successfully verified in S710, the CPU 108 checks the security policy (releases the unchecked flag of the security policy) in S711, and returns to S700. In the present embodiment, in response to the security policy being checked, the copy icon 202 and the transmission icon 203 in FIG.

  If it is determined in step S710 that the verification has failed, in step S715, what causes the security policy not being satisfied is specified, and the policy resolution screen (FIG. 9) is displayed. A method for generating and displaying the policy resolution screen will be described later (FIG. 10).

  If it is determined in S708 that the policy verification icon 206 has not been pressed, the CPU 108 determines that either the copy icon 202 or the transmission icon 203 has been pressed. In step S712, the CPU 108 determines whether the security policy is in an unchecked state. If it is determined that the security policy is in an unchecked state, in step S713, the operation unit 103 displays “The operation cannot be performed because the security policy is not checked”, and the execution of the operation is restricted. On the other hand, if it is determined that the security policy is in the checked state, the function selected in S714 is executed. The function here indicates a function unique to the multifunction peripheral such as copying and transmission.

  As described above, the security policy check state becomes an unchecked state in accordance with the change of the user mode (S707) or the change of the security policy (S703). As long as it is in an unchecked state, the use of the copy function and transmission function of the multifunction peripheral is prohibited. The unchecked state shifts to the checked state when the security policy is verified and succeeded. As described above, only when it is confirmed that the security policy can be maintained, the operation unique to the MFP can be performed.

  FIG. 8 is a flowchart for explaining the operation of the multifunction machine 101. This flowchart corresponds to the processing of S709 in FIG.

  In step S <b> 801, the CPU 108 acquires a policy file from the storage device 110 in response to pressing of the policy verification icon 206 via the operation unit 103. Next, in S802, all the flag columns (right column) of the policy file acquired in S801 are once initialized to TRUE. Note that TRUE means that the constraint is satisfied.

  A loop is made from S803, and one line is obtained from the policy file. This corresponds to each line of the policy file described in FIG. In step S804, the CPU 108 checks the acquired row constraint condition. This corresponds to the value of 枡 for the constraint column in FIG. For example, in the case of the setting item “IPP printing / printing SSL”, “ON / 2” is a constraint condition.

  In step S <b> 804, the CPU 108 checks the value of the constraint condition and determines whether there is a constraint condition. In the example of FIG. 6, it is determined that there is a constraint condition when the constraint condition is “ON”, and that there is no constraint condition when the constraint condition is “−”.

  If it is determined that there is no restriction condition, the process advances to step S809 to check whether all the lines in the policy file have been checked. If there is a line that has not been checked, the process returns to step S803. On the other hand, if it is determined that there is a constraint condition, the CPU 108 acquires the corresponding user mode setting value from the storage device 110 in S805.

  In step S806, it is determined whether the constraint condition matches the user mode setting value. In the case of the above example, since the constraint condition is “ON / 2” and the user mode setting value is “ON”, it is determined that the user mode setting value for the corresponding line can maintain the security policy. In this case, the process proceeds to S809 without doing anything.

  On the other hand, if it is determined in S806 that they do not match, in S807, the CPU 108 changes the flag of the row from TRUE to FALSE. This is used later to determine whether or not the security policy can be observed.

  In step S808, the CPU 108 checks whether there are rows belonging to the same policy group among unchecked rows having the same restriction reason as the row restriction reason acquired in step S803. As a result of this check, if such an unchecked line exists, the flag of the line is also changed from TRUE to FALSE. Thus, the reason for changing the flag of the same restriction reason and the same policy group row to FALSE is as follows. That is, if even one restriction condition does not match the user mode setting value for the same restriction reason and the same group, there is no possibility of achieving the security policy based on the user mode setting value belonging to the policy group.

  For example, in the restriction condition “communication path is encrypted” in FIG. 7, the user mode setting values for policy group 2 are “use IPP printing / SSL” and “use SMTP / SSL”. There are two. If one of them is in the OFF state, since the security policy can no longer be achieved in group 2, both flags are changed from TRUE to FALSE.

  Subsequently, in S809, it is confirmed whether all the lines in the policy file have been confirmed. If there are still lines, the process returns to S803. When the confirmation of all the rows is completed, first, in S810, a verification success flag as a variable is once initialized to TRUE. TRUE indicates that the verification was successful. In step S811, the CPU 108 rereads the policy file from the top. A loop is made from S812, and in S812, the CPU 108 extracts the next line from the policy file.

  In S813, the row flag that matches the reason for restriction of the fetched row is checked for all rows. In S814, whether any flag remains TRUE in any row (this is one policy group that satisfies the restriction reason). But also show that).

  If not, the verification success flag is set to FALSE in S815. In S816, if there are still rows remaining, the process returns to S812. In the last case, a verification success flag is returned in S817. This verification flag is TRUE only when a group that can achieve the policy is found for all constraint reasons, and FALSE when no group that can achieve the policy for any constraint reason is found. In this way, it is possible to determine whether a plurality of restriction reasons, a plurality of policy groups, or the setting of the device conforms to the policy file.

  FIG. 9 is an example of a screen that presents a solution when the MFP 101 does not comply with the security policy. The screen in FIG. 9 is displayed on the operation unit 103 in accordance with an instruction from the CPU 108.

  Reference numeral 901 denotes a security policy resolution screen that is displayed first when it is determined that the MFP 101 does not comply with the security policy. Here, one icon is displayed for the reason for restriction necessary for solving the security policy. Those that satisfy the security policy are not displayed in 901. The screen example in FIG. 9 is displayed when the security policy for performing communication path encryption and the security policy for using user authentication are not satisfied (that is, there is a user mode setting value that does not comply with the security policy). It is a screen. If the icon does not fit on one screen, a scroll bar may be displayed to scroll the screen. Reference numeral 904 denotes an OK icon. When all user modes have been set, this icon is pressed to end the screen. Here, a screen in a case where the icon 902 “encrypt communication path” is presented to 910. This screen can select either the icon 911 corresponding to the solution 1 or the icon 912 corresponding to the solution 2 with respect to the restriction condition “the communication path is encrypted”. That is, there are two solutions.

  Reference numeral 913 denotes an OK icon. When all user modes have been set, this icon is pressed to end the screen.

  When the solution 1 icon 911 is pressed here, the screen transits to a screen 920, and a user mode setting “use IPSec” icon 921 for performing the solution is displayed. Alternatively, when the solution 2 icon 912 is pressed, the screen transitions to a screen 930 and user mode settings (931, 932) for performing the solution “IPP printing / use SSL” “SMTP authentication / SSL use” "Yes" is displayed in a selectable manner. Reference numeral 933 denotes an OK icon. When all user modes have been set, this icon is pressed to end the screen.

  FIG. 10 is a flowchart for explaining the operation of the multifunction machine 101. This flowchart corresponds to the process of S715 in FIG.

  In step S <b> 1001, the CPU 108 opens a policy file stored in the storage device 110. In step S1002, one line is extracted from the policy file. In S1003, the reason for restriction of the row taken out is taken out.

  In step S <b> 1004, the CPU 108 searches the policy file for a constraint reason of TRUE. If all FALSEs are determined in S1005, a resolution screen is constructed because there is no security group that can comply with the policy for the restriction reason. In step S1006, the restriction reason icons 902 and 903 are added to the resolution screen 901. In step S1007, a resolution screen 910 corresponding to the reason for the restriction is generated. This screen is changed by the icon added in S1006.

  In step S1008, solution method icons 911 and 912 are added to the resolution screen generated in step S1007 by the number of groups corresponding to the restriction reason.

  In S1009, solution method screens 920 and 930 are generated for each group. Each screen is changed by the solution icon added in S1008. In S1010, a setting icon to be resolved for each group is added to the resolution method screen generated in S1009. At this time, each setting icon is changed to an actual setting screen according to information described in the setting address associated with the user mode setting value in FIG. This setting screen is the same as the conventional user mode setting screen.

  The multifunction machine 101 has not only a function that operates in response to an instruction from the operation unit 103 but also a service through a network. A typical example is a print service using a printer port (such as LPR or PORT 9100). In addition, a web interface for a web browser using HTTP (HyperText Transfer Protocol, defined by RFC2616) may be used.

  Similarly to the operation on the operation unit 103, the service by the network is blocked when it is determined that the security policy cannot be maintained.

  FIG. 11 is a flowchart for explaining the operation of the network communication unit 102 arranged on the multifunction machine 101. In S1101 of FIG. 11, the check state of the security policy set in S703, S707, or S711 of FIG. 7 is determined. As a result, if it is determined that it is in an unchecked state, the network port is closed in S1103, and if not, the network port is opened in S1102. The network port indicates a specific interface for implementing the services described above, and the service can be restricted by closing the network port. It should be noted that the network actually needs to implement a protocol stack, which is the same as in the prior art.

  In addition to connecting to the network, the network communication unit 102 can be adapted to a local interface such as a USB (Universal Serial Bus).

  As described above, according to the present embodiment, when the security policy is not satisfied, a solution can be presented immediately on the policy resolution screen. That is, the user (actually the administrator) can immediately grasp which user mode setting value should be changed to satisfy the security policy, and the labor involved in changing the setting value of the administrator can be reduced.

  In the present embodiment, each step of the flowcharts of FIGS. 7, 9, and 10 has been described as being executed by the CPU 108 by reading the program code from the storage device 110. However, some of these steps may be implemented using other hardware resources. For example, “security policy verification processing” and “policy resolution screen display processing” in S709 may be executed by a processing device other than the CPU. For example, a policy verification unit may be provided as a device that executes the processing of S709, and the policy verification unit may verify the security policy in response to an instruction from the operation unit.

  Further, in the present embodiment, the user mode setting value in FIG. 3, the policy table in FIG. 5, and the policy file in FIG. 6 are described as being stored in the storage device 110. However, these pieces of information may be stored in different storage devices.

[Second Embodiment]
In the first embodiment, the case where the security policy is set by the multifunction machine 101 is presented. However, in reality, multiple multifunction devices may be installed in offices and corporate entities, and it takes time and effort to set security policies for individual devices, making the administrator's work more complicated. . Therefore, in the second embodiment, a mode in which a security policy is generated on the server side will be described.

  FIG. 12 is a block diagram illustrating a system configuration of a system including a multifunction machine and a PC according to the second embodiment. In FIG. 12, 1201 is a PC, 1211 is a multifunction machine, and 1220 is a predetermined communication means for connecting the PC 1201 and the multifunction machine 1211.

  Further, in the PC 1201, 1202 is a CPU for operating the PC, and 1203 is a RAM for temporarily storing program codes and data for the CPU 1202 to operate.

  Reference numeral 1204 denotes a storage device composed of an HDD or the like that permanently stores program codes and data operated by the CPU 1202. An operation unit 1205 includes a predetermined input / output device such as a liquid crystal display, a keyboard, and a mouse, 1206 a network communication unit that communicates with the communication unit 1220, and 1209 a policy generation unit that sets a security policy.

  The difference in the second embodiment is that the policy table of FIG. 5 is transferred from the PC 1201 via the network communication unit 1206, the communication unit 1220, and the network communication unit 1216. The policy table is transferred using a file transfer protocol such as FTP or SMB, and the communication path is encrypted using SSL or the like.

  The operation of the multifunction machine 1211 is the same as that of the first embodiment except that the security policy is not set by the operation unit of the multifunction machine. That is, as in the first embodiment, a policy file is generated based on the policy table and the user mode setting value, whether or not the multifunction device complies with the security policy is verified, and if not, a solution is presented.

  In the second embodiment, security policy generation is concentrated on the PC side, thereby facilitating introduction into a plurality of multifunction peripherals.

(Other embodiments)
The present invention can also be realized by executing the following processing. That is, software (program) that realizes the functions of the above-described embodiments is supplied to a system or apparatus via a network or various storage media, and a computer (or CPU, MPU, or the like) of the system or apparatus reads the program. It is a process to be executed.

101 Digital MFP 102 Network Communication Unit 103 Operation Unit 108 CPU
109 RAM
110 Nonvolatile storage device 111 Print engine 112 Scanner engine

Claims (5)

Policy setting means for setting the operation policy of the device;
Mode setting means for setting the operation mode of the device;
A determination unit that determines whether or not the operation mode of the device based on the setting performed by the mode setting unit complies with the operation policy set by the policy setting unit;
If it is determined by the determination means that the operation policy is not observed, the operation mode setting required to comply with the operation policy of the device determined to be not observed is identified and the specified setting Control means for controlling to transition to the operation screen for performing,
A device characterized by comprising:   The device according to claim 1, wherein the operation policy is a policy related to security when communicating with another device via a network. Further comprising transmission means for transmitting data to an external device according to the setting made by the mode setting means;
3. The device according to claim 1, wherein when the determination unit determines that the operation policy is not observed, use of the transmission unit is prohibited. And at least one of a scanner and a printer,
4. The apparatus according to claim 1, further comprising a unit that prohibits use of the scanner and the printer when the determination unit determines that the operation policy is not observed. . A policy setting step for setting the operation policy of the device;
A mode setting step for setting the operation mode of the device;
A determination step of determining whether or not the operation mode of the device based on the setting performed in the mode setting step complies with the operation policy set in the policy setting step;
When it is determined that the operation policy is not observed in the determination step, the setting of the operation mode required to comply with the operation policy of the device determined not to comply is identified and specified. A transition to the operation screen for performing
A method for controlling a device, comprising:

Images